[TYPO3-core] RFC #12502: Feature: Use HMACs for authencity and integrity checks
Dmitry Dulepov
dmitry.dulepov at gmail.com
Thu Nov 12 15:14:47 CET 2009
Hi!
Marcus Krause wrote:
> There is no additional requirement. Like already pointed out, hmacs are
> in PHP packages by default. And they are in use for extbase.
Yes, this *is* additional requirement because it is additional PHP extension that is necessary for TYPO3 to run. But since it is used in Extbase, we have to add this requirement anyway to INSTALL.txt.
Regarding the rest: features should come in time. If we allow one feature now because it is security, what prevents us from allowing another feature if it is not security? What is the criteria to violate our standard rules? I am for "one and for all" rule: feature freeze is in progress, so no new features unless they are on a special list. But this is my opinion. It is up to release manager to decide. I would say it is not the time now to add anything like this because it is risky.
Marcus, you should have submitted this patch earlier. Sorry.
--
Dmitry Dulepov
"Trust me, I am a doctor!" (c) Gregory House, M.D.
More information about the TYPO3-team-core
mailing list